sinkserver/deployment/deploy.yml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: mainscnt
  name: deny-all-but-dns
spec:
  podSelector:
    matchLabels: {}
  policyTypes:
    - Egress
    - Ingress
  egress:
    - to:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sinkserver
  namespace: mainscnt
  labels:
    app: sinkserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sinkserver
  template:
    metadata:
      labels:
        app: sinkserver
    spec:
      containers:
        - name: sinkserver
          image: wollud1969/sinkserver:e5f9d3e3
          ports:
            - containerPort: 20169
              protocol: UDP
          env:
            - name: PGHOST
              valueFrom: 
                configMapKeyRef:
                  name: sinkserver-config
                  key: dbhost
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: sinkserver-secret
                  key: dbpass
---
apiVersion: v1
kind: Service
metadata:
  name: sinkserver
  namespace: mainscnt
  labels:
    app: sinkserver
spec:
  type: LoadBalancer
  selector:
    app: sinkserver
  ports:
    - protocol: UDP
      port: 20169
      targetPort: 20169
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-database-sinkserver
  namespace: database
spec:
  podSelector:
    matchLabels:
      app: timescaledb
  policyTypes:
    - Ingress
  ingress:
    - from:
      - podSelector:
          matchLabels:
            app: sinkserver
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: mainscnt
      ports:
        - protocol: TCP
          port: 5432
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-sinkserver-database
  namespace: mainscnt
spec:
  podSelector:
    matchLabels:
      app: sinkserver
  policyTypes:
    - Egress
  egress:
    - to:
      - podSelector:
          matchLabels:
            app: timescaledb
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: database
      ports:
        - protocol: TCP
          port: 5432
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-sinkserver-ingress
  namespace: mainscnt
spec:
  podSelector:
    matchLabels:
      app: sinkserver
  policyTypes:
    - Ingress
  ingress:
    - from:
      - ipBlock:
          cidr: 0.0.0.0/0
      ports:
        - protocol: UDP
          port: 20169